Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Delta Between Two Patch Sets: modules/rietveld/files/wrapper.py

Issue 6155422901731328: Run Rietveld using the AppEngine SDK (Closed)
Left Patch Set: Addressed comments and added proper configuration Created June 3, 2015, 3:31 p.m.
Right Patch Set: Addressed comments and added caching Created June 4, 2015, 9:19 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « modules/rietveld/files/site.conf ('k') | modules/rietveld/manifests/init.pp » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 #!/usr/bin/env python 1 #!/usr/bin/env python
2 2
3 from ConfigParser import SafeConfigParser 3 from ConfigParser import SafeConfigParser
4 import hashlib 4 import hashlib
5 import hmac 5 import hmac
6 import json 6 import json
7 import os 7 import os
8 import re 8 import re
9 import sys 9 import sys
10 import urllib 10 import urllib
11 11
12 OAUTH2_AUTHURL = 'https://accounts.google.com/o/oauth2/auth' 12 OAUTH2_AUTHURL = 'https://accounts.google.com/o/oauth2/auth'
13 OAUTH2_TOKENURL = 'https://accounts.google.com/o/oauth2/token' 13 OAUTH2_TOKENURL = 'https://accounts.google.com/o/oauth2/token'
14 OAUTH2_DATAURL = 'https://www.googleapis.com/plus/v1/people/me' 14 OAUTH2_DATAURL = 'https://www.googleapis.com/plus/v1/people/me'
15 OAUTH2_SCOPE = 'email' 15 OAUTH2_SCOPE = 'email'
16 16
17 OAUTH2_TOKEN_EXPIRATION = 5 * 60
18
17 def setup_paths(engine_dir): 19 def setup_paths(engine_dir):
18 sys.path.append(engine_dir) 20 sys.path.append(engine_dir)
19 21
20 import wrapper_util 22 import wrapper_util
21 paths = wrapper_util.Paths(engine_dir) 23 paths = wrapper_util.Paths(engine_dir)
22 script_name = os.path.basename(__file__) 24 script_name = os.path.basename(__file__)
23 sys.path[0:0] = paths.script_paths(script_name) 25 sys.path[0:0] = paths.script_paths(script_name)
24 return script_name, paths.script_file(script_name) 26 return script_name, paths.script_file(script_name)
25 27
26 def adjust_server_id(): 28 def adjust_server_id():
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
68 orig_create_cookie_data = login._create_cookie_data 70 orig_create_cookie_data = login._create_cookie_data
69 def _create_cookie_data(email, admin): 71 def _create_cookie_data(email, admin):
70 result = orig_create_cookie_data(email, admin) 72 result = orig_create_cookie_data(email, admin)
71 result += ':' + calculate_signature(result) 73 result += ':' + calculate_signature(result)
72 return result 74 return result
73 login._create_cookie_data = _create_cookie_data 75 login._create_cookie_data = _create_cookie_data
74 76
75 def enable_oauth2(client_id, client_secret, admins): 77 def enable_oauth2(client_id, client_secret, admins):
76 from google.appengine.tools.devappserver2 import login 78 from google.appengine.tools.devappserver2 import login
77 79
80 def request(method, url, data):
81 if method != 'POST':
82 url += '?' + urllib.urlencode(data)
83 data = None
84 else:
85 data = urllib.urlencode(data)
86 response = urllib.urlopen(url, data)
87 try:
88 return json.loads(response.read())
89 finally:
90 response.close()
91
92 token_cache = {}
93 def get_user_info(access_token):
94 email, is_admin, expiration = token_cache.get(access_token, (None, None, 0))
95 now = time.mktime(time.gmtime())
96 if now > expiration:
97 get_params = {
98 'access_token': access_token,
99 }
100 data = request('GET', OAUTH2_DATAURL, get_params)
101 emails = [e for e in data.get('emails') if e['type'] == 'account']
102 if not emails:
103 return None, None
104
105 email = emails[0]['value']
106 is_admin = email in admins
107
108 for token, (_, _, expiration) in token_cache.items():
109 if now > expiration:
110 del token_cache[token]
111 token_cache[access_token] = (email, is_admin, now + OAUTH2_TOKEN_EXPIRATIO N)
112 return email, is_admin
113
78 def get(self): 114 def get(self):
79 def request(method, url, data):
80 if method != 'POST':
81 url += '?' + urllib.urlencode(data)
82 data = None
83 else:
84 data = urllib.urlencode(data)
85 response = urllib.urlopen(url, data)
86 try:
87 return json.loads(response.read())
88 finally:
89 response.close()
90
91 def error(text): 115 def error(text):
92 self.response.status = 200 116 self.response.status = 200
93 self.response.headers['Content-Type'] = 'text/plain' 117 self.response.headers['Content-Type'] = 'text/plain'
94 self.response.write(text.encode('utf-8')) 118 self.response.write(text.encode('utf-8'))
95 119
96 def redirect(url): 120 def redirect(url):
97 self.response.status = 302 121 self.response.status = 302
98 self.response.status_message = 'Found' 122 self.response.status_message = 'Found'
99 self.response.headers['Location'] = url.encode('utf-8') 123 self.response.headers['Location'] = url.encode('utf-8')
100 124
(...skipping 19 matching lines...) Expand all
120 'client_secret': client_secret, 144 'client_secret': client_secret,
121 'redirect_uri': base_url + login.LOGIN_URL_RELATIVE, 145 'redirect_uri': base_url + login.LOGIN_URL_RELATIVE,
122 'grant_type':'authorization_code', 146 'grant_type':'authorization_code',
123 } 147 }
124 data = request('POST', OAUTH2_TOKENURL, token_params) 148 data = request('POST', OAUTH2_TOKENURL, token_params)
125 token = data.get('access_token') 149 token = data.get('access_token')
126 if not token: 150 if not token:
127 error('No token in response: ' + str(data)) 151 error('No token in response: ' + str(data))
128 return 152 return
129 153
130 get_params = { 154 email, is_admin = get_user_info(token)
131 'access_token': token, 155 if not email:
132 }
133 data = request('GET', OAUTH2_DATAURL, get_params)
134 emails = [e for e in data.get('emails') if e['type'] == 'account']
135 if not emails:
136 error('No email address in response: ' + str(data)) 156 error('No email address in response: ' + str(data))
137 return 157 return
138
139 email = emails[0]['value']
140 is_admin = email in admins
141 self.response.headers['Set-Cookie'] = login._set_user_info_cookie(email, i s_admin) 158 self.response.headers['Set-Cookie'] = login._set_user_info_cookie(email, i s_admin)
142 redirect(continue_url) 159 redirect(continue_url)
143 160
144 action = self.request.get(login.ACTION_PARAM) 161 action = self.request.get(login.ACTION_PARAM)
145 continue_url = self.request.get(login.CONTINUE_PARAM) 162 continue_url = self.request.get(login.CONTINUE_PARAM)
146 continue_url = re.sub(r'^http:', 'https:', continue_url) 163 continue_url = re.sub(r'^http:', 'https:', continue_url)
147 base_url = 'https://%s/' % self.request.environ['HTTP_HOST'] 164 base_url = 'https://%s/' % self.request.environ['HTTP_HOST']
148 165
149 if action.lower() == login.LOGOUT_ACTION.lower(): 166 if action.lower() == login.LOGOUT_ACTION.lower():
150 logout(continue_url or base_url) 167 logout(continue_url or base_url)
151 elif self.request.get('error'): 168 elif self.request.get('error'):
152 error('Authorization failed: ' + self.request.get('error')) 169 error('Authorization failed: ' + self.request.get('error'))
153 else: 170 else:
154 code = self.request.get('code') 171 code = self.request.get('code')
155 if code: 172 if code:
156 login_step2(code, self.request.get('state') or base_url) 173 login_step2(code, self.request.get('state') or base_url)
157 else: 174 else:
158 login_step1(continue_url or base_url) 175 login_step1(continue_url or base_url)
159 176
160 login.Handler.get = get 177 login.Handler.get = get
161 178
179 from google.appengine.api import user_service_stub, user_service_pb
180 from google.appengine.runtime import apiproxy_errors
181 def _Dynamic_GetOAuthUser(self, request, response, request_id):
182 environ = self.request_data.get_request_environ(request_id)
183 match = re.search(r'^OAuth (\S+)', environ.get('HTTP_AUTHORIZATION', ''))
184 if not match:
185 raise apiproxy_errors.ApplicationError(
186 user_service_pb.UserServiceError.OAUTH_INVALID_REQUEST)
187
188 email, is_admin = get_user_info(match.group(1))
189 if not email:
190 raise apiproxy_errors.ApplicationError(
191 user_service_pb.UserServiceError.OAUTH_INVALID_TOKEN)
192
193 # User ID is based on email address, see appengine.tools.devappserver2.login
194 user_id_digest = hashlib.md5(email.lower()).digest()
195 user_id = '1' + ''.join(['%02d' % ord(x) for x in user_id_digest])[:20]
Sebastian Noack 2015/06/04 21:51:43 WTF this algorithm, but I suppose we have to use i
Wladimir Palant 2015/06/04 23:19:54 Luckily, it doesn't seem to matter - Rietveld work
196
197 response.set_email(email)
198 response.set_user_id(user_id)
199 response.set_auth_domain(user_service_stub._DEFAULT_AUTH_DOMAIN)
200 response.set_is_admin(is_admin)
201 response.set_client_id(client_id)
202 response.add_scopes(OAUTH2_SCOPE)
203
204 user_service_stub.UserServiceStub._Dynamic_GetOAuthUser = _Dynamic_GetOAuthUse r
205
162 206
163 if __name__ == '__main__': 207 if __name__ == '__main__':
164 engine_dir = '/opt/google_appengine' 208 engine_dir = '/opt/google_appengine'
165 storage_path = '/var/lib/rietveld' 209 storage_path = '/var/lib/rietveld'
166 210
167 script_name, script_file = setup_paths(engine_dir) 211 script_name, script_file = setup_paths(engine_dir)
168 adjust_server_id() 212 adjust_server_id()
169 fix_request_scheme() 213 fix_request_scheme()
170 214
171 if script_name == 'dev_appserver.py': 215 if script_name == 'dev_appserver.py':
172 config = read_config(os.path.join(storage_path, 'config.ini')) 216 config = read_config(os.path.join(storage_path, 'config.ini'))
173 217
174 set_storage_path(storage_path) 218 set_storage_path(storage_path)
175 replace_runtime() 219 replace_runtime()
176 protect_cookies(config.get('main', 'cookie_secret')) 220 protect_cookies(config.get('main', 'cookie_secret'))
177 enable_oauth2( 221 enable_oauth2(
178 config.get('oauth2', 'client_id'), 222 config.get('oauth2', 'client_id'),
179 config.get('oauth2', 'client_secret'), 223 config.get('oauth2', 'client_secret'),
180 config.get('main', 'admins').split() 224 config.get('main', 'admins').split()
181 ) 225 )
182 226
183 execfile(script_file) 227 execfile(script_file)
LEFTRIGHT

Powered by Google App Engine
This is Rietveld